<?php
	session_start();
	mysql_connect("localhost","root","1234");
	mysql_select_db("book_db");
	$strSQL = "SELECT * FROM officer WHERE username = '".mysql_real_escape_string($_POST['username'])."' 
	and password = '".mysql_real_escape_string($_POST['password'])."'";
	$objQuery = mysql_query($strSQL);
	$objResult = mysql_fetch_array($objQuery);
	if(!$objResult)
	{
			header("location:admin.php");
	}
	else
	{
			$_SESSION["OfficerID"] = $objResult["OfficerID"];
			$_SESSION["status"] = $objResult["status"];

			session_write_close();
			
			if($objResult["status"] == "ADMIN")
			{
				header("location:adminadd.php");
			}
			else if($objResult["status"] == "EMPLOYEE")
			{
				header("location:officer_admin.php");
			}
			else
			{
				header("location:admin.php");
			}
	}
	mysql_close();
?>